Orange Wallet

Security checks across malware telemetry and agentic risk

Overview

This is a coherent Lightning wallet skill, but it handles real funds, wallet recovery secrets, and outbound payment webhooks with too little built-in safety guidance or containment.

Review carefully before installing. Use only for small amounts, keep the seed file private with restrictive filesystem permissions and encrypted backups, avoid running agent-driven sends without explicit user approval and amount limits, and configure webhooks only to HTTPS endpoints you control and trust.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (5)

Missing User Warnings

Medium
Confidence
83% confidence
Finding
The README instructs users to POST wallet event data to arbitrary external webhook endpoints but does not warn that these events may contain sensitive financial metadata or operational details. In a wallet-for-agents context, silent exfiltration of payment activity to third-party services is a real privacy and security risk, especially if users point webhooks at SaaS platforms or misconfigured endpoints.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The documentation states that the wallet seed is saved at a predictable filesystem location and is the only recovery mechanism, but it does not explicitly warn that anyone who reads or copies that file can steal all funds. In an AI-agent context, secrets stored on disk may be exposed through logs, backups, shared volumes, broad file permissions, or other tools, making this omission materially dangerous.

Missing User Warnings

Medium
Confidence
87% confidence
Finding
The send command is documented as a simple one-shot action without a clear warning that it transfers real funds and that Lightning/on-chain payments may be irreversible once initiated or confirmed. For an agent-facing wallet CLI, lack of this warning increases the risk of accidental or prompt-induced fund loss through unsafe automation.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
When a new mnemonic is generated, it is written directly to disk and only reported via a stderr log message after the write. A wallet seed is highly sensitive secret material; silently persisting it can expose funds if the file is readable by other local users, included in backups, or left unprotected on disk. In this wallet context, that makes the issue more dangerous than a generic secret-write pattern.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The daemon posts serialized wallet events to arbitrary user-supplied webhook URLs, and those events include payment metadata such as payment IDs, hashes, txids, channel information, amounts, and timestamps. While this appears to be an intentional feature rather than malicious behavior, it can leak sensitive financial and operational data to third parties or attacker-controlled endpoints, especially if users are not clearly warned or if insecure/non-HTTPS URLs are allowed.

VirusTotal

66/66 vendors flagged this skill as clean.
